How does one authenticate with the lesswrong API?

post by Alex Flint (alexflint) · 2020-06-15T23:46:39.296Z · LW · GW · 5 comments

Contents

5 comments

Hello friends, I am working on some scripts to copy content from a google doc into a lesswrong post. I have found the graphql API and I see there is an Authorization header being sent with an auth token. How can I authenticate with the API and acquire a token?

5 comments

Comments sorted by top scores.

comment by habryka (habryka4) · 2020-06-16T06:54:09.506Z · LW(p) · GW(p)

I would recommend just inspecting a graphql query you send while you are logged in and make a request, using your browsers network tools. Chrome has a great utility of copying any query you sent in a bunch of script-ready formats, like a call to cURL or fetch, including any headers you sent along.

Replies from: alexflint
comment by Alex Flint (alexflint) · 2020-06-17T11:54:14.690Z · LW(p) · GW(p)

Yes this is what I have been doing so far. I have been able to grab the auth token in this way but I imagine it will expire sooner or later and I was hoping to be able to programatically acquire an auth token. Based on the source in this file it looks like you're using Meteor to manage authentication. For password-based authentication (as opposite to oauth via google/fb/github) are you also using Meteor?

Interestingly, I see the username and a hash of the password being sent to a sockjs endpoint. Does authentication happen via a websocket?!

Replies from: habryka4
comment by habryka (habryka4) · 2020-06-17T17:08:32.344Z · LW(p) · GW(p)

Yep, all auth currently happens via Meteor. 

We sadly don’t really have any infrastructure set up to hand out programmatic auth tokens, but I think we set the expiration date to something like 5 years, so I don’t think you should run into much of an issue.

And yeah, Meteor generally communicates over websockets. So my guess is that includes the auth part.

comment by Raemon · 2020-06-16T00:45:27.376Z · LW(p) · GW(p)

It's been awhile since I interacted with the API explicitly (hopefully one of the team members with more context will answer soon), but wanted to leave this handy LW API tutorial for now and see if it happened to help you.

Replies from: alexflint